@chapter "4.12.2 Interaction with the script-src directive"
The document contains one example for the case
"nonce provided and correct / src not allowed by script-src directive".
There should be an example for the inverse case
"no nonce provided / src allowed by script-src directive".
As it currently stands, the second case script would be rejected because it doesn't have a nonce.
Intuitively I would assume the script to be safe because it comes from a whitelisted origin.
Therefore I would propose to restrict the relevant enforcing rule to only script tags with content.
Sincerely,
Flo